I have a web application (PHP) which i need to leave in a customer premise. They have no internet and are not willing to use internet to use my app.
So i have to leave a linux server at their place. But i'm worried about someone accessing my server and getting my PHP code. In addition to encrypting PHP (Ion encoder, Zend Guard) and LUKS disk encryption i don't know what else i can do to prevent my machine.
I know, Microsoft said long time ago that as far as someone has physical access to a machine it should be considered breakable so my app/server will be in "hostile territory" but i have no choice. But i can do as much as i can to prevent it. I'm considering disabling TTY's and enabling login via SSH with keys so only i can access it remotely (which means when i get there with my laptop).
Which one would be better ? having my whole setup in a server or inside a vm inside a server ? because the disk will be encrypted i don't care too much about someone copying my disk (i can't doo too much either). But then, how can i prevent someone changing the root password from grub ?
Also, even if i password protect the BIOS, won't it unlock when the board be flashed ?